Leader: How much more data loss can we stand?

And should we tolerate any?
Written by silicon.com staff, Contributor

Over the past couple of months we have been hit by a wave of data scandals, blunders and thefts which will have seriously undermined many people's confidence in the increased digitalisation of our lives and our identities.

It came to a head this weekend as MasterCard revealed the full extent of a massive loss of data which may have seen as many as 40 million credit card accounts compromised by an intruder gaining access to a cardholder database.

This latest incident is the most headline-grabbing, largely due to the size of the problem and the global profile of the company involved. It will hopefully prove a catalyst for serious discussion and, more importantly, action on the issue of data loss from within organisations.

Certainly it is a catalyst for change which is most definitely required - though not the ideal way to learn the lesson. Last week Citigroup lost almost four million account details. Prior to that we saw Bank of America lose more than one million customer accounts when backup tapes went astray. Japanese bank Mizuho also lost data from more than a quarter of a million customer accounts following a botched systems migration.

On a smaller scale, though no less worrying for those affected, UBS lost a hard disk containing thousands of customer account details.

And it's not just financial institutions. A California medical company lost data on 185,000 patients, while Time Warner admitted it too had seen backup tapes get 'lost in the post', compromising the personal data of as many as 600,000 employees past and present.

Meanwhile the University of Berkeley warned 98,000 people that the theft of a laptop from its Graduate Division had compromised their names, addresses, dates of birth and social security numbers. And Motorola admitted stolen PCs taken from one of its premises could also betray sensitive personal data.

And all this in the past couple of months - pushing the phrase 'it never rains but it pours' to the very limits of its potential. It's an issue which almost needs no further comment.

Whether it's lost backup tapes, a failed system migration, a stolen laptop, a stolen PC or an intruder gaining physical access to a database, the underlying and unifying fact is simple: it is not good enough.

Identities and credit card data are sought-after commodities among the criminal fraternity. Given that, it is inevitable they will be targeted and in the arms race of security there may be times when the criminals manage to gain an advantage. But too many of the above blunders appear to be evidence of companies failing to acknowledge the full extent of their responsibility and the full threat posed to their data.

All companies need to start quizzing themselves with such worst-case scenarios in mind.

If PCs contain sensitive data, how can those PCs be picked up and walked off with? If that data is sensitive, why not encrypt it? If that facility contains credit cardholder databases, how can it be broken into?

If those laptops contain employee or student records, what are they doing going missing? And if they do - and you can sadly never plan for human error - what are they doing going missing with that data in a readable and accessible format?

If backup tapes can get lost so easily - and the evidence suggests they can - why is such a system still in use?

These organisations, particularly the banks, are making a great deal of money out of claims they can look after our money and be trusted to process highly sensitive transactions where security is essential.

It could easily be argued they are clearly not spending enough of that money on backing up such claims of security and integrity.
